International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 19 May 2015

Vincenzo Iovino, Qiang Tang, Karol Zebrowski
ePrint Report ePrint Report
In CRYPTO 2014 Bitansky et al. introduced a natural strengthening of indistinguishability obfuscation (iO) called strong iO (siO) and showed candidate constructions of such primitive from reasonable assumptions. In this paper, assuming quasi-siO, a natural weakening of siO, for a class of circuits C we construct a public-key functional encryption (FE) scheme with function privacy (FPFE) for the same class C. In the public-key setting known constructions of FPFE were limited to very restricted classes of functionalities like inner-product [Agrawal et al. - PKC 2015] whereas ours can be instantiated for general functionalities.

Then, inspired by the Naor\'s transformation from IBE to signature schemes, we construct from FPFE a natural generalization of a signature scheme endowed with functional properties, that we call functional anonymous signature (FAS) scheme. In a FAS (that we show to be equivalent to quasi-siO and FPFE), Alice can sign a circuit C chosen from some distribution D to get a signature $\\sigma$ and can publish a verification key that allows anybody holding a message m to verify that (1) $\\sigma$ is a valid signature of Alice for some (possibly unknown to him) circuit C and (2) C(m) = 1. Beyond unforgeability the security of FAS guarantees that the signature hide as much information as possible about C except what can be inferred from knowledge of D.

As other application of FPFE, we show that it can be used to construct in a black-box way (without using obfuscation directly) FE for randomized functionalities (RFE). Previous constructions of (public-key) RFE relied on iO [Goyal et al. - TCC 2015]. Combining properties of RFE and FAS, we obtain what we call signed probabilistic programs, in which Bob can verify that a (possibly hidden to him) probabilistic program P was signed by Alice and run P on any input but can not maliciously choose its random coins. Furthermore, our constructions of FPFE and RFE naturally generalize to the multi-inputs setting. Finally, we present a general picture of the relations among all these related primitives. One of the key points that such implications draw is that Attribute-based Encryption with function privacy implies FE, a notable fact that sheds light on the importance and power of function privacy for FE.

Expand

Additional news items may be found on the IACR news page.